Unconditionally secure device-independent quantum key distribution with only two devices

Device-independent quantum key distribution is the task of using uncharacterized quantum devices to establish a shared key between two users. If a protocol is secure regardless of the device behaviour, it can be used to generate a shared key even if the supplier of the devices is malicious. To date, all device-independent quantum key distribution protocols that are known to be secure require separate isolated devices for each entangled pair, which is a significant practical limitation. We introduce a protocol that requires Alice and Bob to have only one device each. Although inefficient, our protocol is unconditionally secure against an adversarial supplier limited only by locally enforced signalling constraints.
Introduction

Key distribution is the task of establishing shared secret strings between two parties, and is sufficient for secure communication. Classical key distribution protocols base their security on assumptions about an eavesdropper's computational power. On the other hand, quantum key distribution protocols (e.g. [1, 2]) promise security against an arbitrarily powerful eavesdropper, and do so in the presence of realistic noise levels. However, in order for the security proofs to apply, the devices must operate according to certain specifications. Deviations from these can introduce security flaws, which can be difficult to identify (see e.g. [3] for practical illustrations of such attacks).

The difficulty associated with verifying the operation of quantum devices has led to much interest in device-independent quantum cryptography protocols. Ideally, such protocols guarantee security by tests on the outputs of the devices: no specification of their internal functionality is required. In a sense, the protocol verifies the devices' security on-the-fly.

Device-independent cryptography was first introduced by Mayers and Yao [4] (albeit under a different name) and the first quantum key distribution protocol to be proven device-independently secure was the Barrett-Hardy-Kent (BHK) protocol [5]. The BHK security proof applies not only against an arbitrarily powerful quantum eavesdropper (who also supplies the devices) but even against an eavesdropper and device-supplier who has discovered and makes use of any post-quantum physical theory, provided that, within the theory, the honest parties can enforce local signalling constraints. The applicability of the BHK protocol and proof to device-independent quantum cryptography was explicitly pointed out by later authors, who went on to develop some more efficient device-independent protocols with security proofs against restricted eavesdroppers [6-8] as well as other protocols shown to be unconditionally secure [9-13].

From a theoretical perspective, the BHK protocol provided an existence theorem for a task that had not been known to be possible. Practically, however, it has drawbacks. One is that, as formulated, it generates only a single bit of secure key. Although it can be modified using an idea from [14] to produce an arbitrarily long key, even with this modification, the protocol is inefficient and unable to tolerate reasonable levels of noise.

A serious practical problem with all the protocols with proven unconditional device-independent security [5, 9-13] is that they require that each (purportedly) entangled pair used in the protocol is isolated from the others. The protocols thus require a separate and isolated pair of devices for each entangled pair to ensure full device-independent security. This evidently makes such protocols costly to implement in practice.

We introduce here a protocol that evades this limitation, requiring only a single device for each user. Our protocol is a refinement of the BHK protocol, necessary in order to allow security when used with only two devices. As we have discussed elsewhere [15], the composability of device-independent protocols is problematic if devices are reused in subsequent implementations. Here we show that if devices are not reused, then our protocol is secure according to a universally composable security definition, even against an adversary who supplies the devices and is restricted only by signalling constraints. As described, our protocol generates a single secure key bit. We also indicate how it can be modified using the idea in [14], to produce a key of arbitrary length. In addition, since it is composable, further key bits can be generated by running the protocol several times (although in this case, fresh devices are required for each run).

We see the value of our protocol as an existence theorem showing that device-independent quantum key distribution is in principle possible with only two devices. Whether this task can be achieved more efficiently and with reasonable noise tolerance remains (as far as we are aware) an open question.

We also show that some apparently natural extensions of existing protocols to two devices are insecure against eavesdroppers restricted only by signalling constraints, and in some cases also against quantum eavesdroppers. This may have impact in a recent line of work on the impossibility of privacy amplification against non-signalling eavesdroppers [16, 17].

Cryptographic scenario

We use a standard cryptographic scenario for key distribution. Here, two users (Alice and Bob) each have a secure laboratory in which to work, which they may partition into secure sub-laboratories. These allow Alice and Bob to prevent unauthorized communications between any devices they use. They are also each assumed to have (or be able to generate) their own supply of trusted random bits. To communicate with one another, Alice and Bob have access to an authenticated, but insecure, classical channel, and an insecure quantum channel. They may process classical information in a trusted way within their laboratories. However, any devices they use for quantum information processing are assumed to be supplied by an untrusted adversary (Eve). Eve may access (but not modify) any classical correspondence between Alice and Bob, and may access and modify quantum communication between them. She has complete knowledge of the protocol, but does not have access to the classical random data that Alice and Bob generate within their labs and use for the protocol (except for information she can deduce from what they make public).



Protocol R

Setup for the protocol

Alice and Bob each have a device, potentially supplied by Eve, that has an input port with $N \ge 2$ possible inputs and an output port with 2 possible outputs. Alice's inputs are denoted $A \in \{0, 2, \ldots, 2N-2\}$, and Bob's $B \in \{1, 3, \ldots, 2N-1\}$, and their respective outputs are deno

ted $X \in \{0,1\}$ and $Y \in \{0,1\}$. We define a set of allowed input pairs $(A, B)$ by $\mathcal{G}_N := \{(0, 2N-1), (0, 1), (2, 1), (2, 3), \ldots, (2N-2, 2N-1)\}$, with $|\mathcal{G}_N| = 2N$. For convenience, we introduce $X'$ as a variable that is equal to $1 - X$ if $(A, B) = (0, 2N-1)$, and equal to $X$ otherwise.

The devices are claimed by Eve to function by carrying out specified binary outcome measurements on the maximally entangled two qubit state $|\Phi^+\rangle = \frac{1}{\sqrt{2}}(|00\rangle + |11\rangle)$. Alice's input $A$ is claimed to correspond to measuring the first qubit in the basis $\{\cos\frac{\theta}{2}|0\rangle + \sin\frac{\theta}{2}|1\rangle,\ \sin\frac{\theta}{2}|0\rangle - \cos\frac{\theta}{2}|1\rangle\}$, where $\theta = \frac{A\pi}{2N}$; similarly Bob's input $B$ is claimed to correspond to measuring the second qubit in the basis defined by $\theta = \frac{B\pi}{2N}$. Alice and Bob do not need to test these precise claims, but instead perform various measurements and check their outcomes in such a way that the checks are unlikely to pass unless the produced bit is virtually as secure as a bit that would be generated were Eve's claims correct.

The protocol involves two security parameters: the integer $N \ge 2$ defined above, and a real number $\alpha$ in the range $0 < \alpha < 1$; to achieve reasonable security $N$ needs to be large and $\alpha$ small. All classical communication between Alice and Bob is done via their authenticated classical channel.

Throughout the protocol, Alice and Bob keep their devices in isolated parts of their secure laboratories, ensuring that each device only learns its own inputs and cannot send any information outside the secure area. This ensures that the behaviour of the devices, which can be specified by a conditional probability distribution, satisfies certain non-signalling constraints. In particular, if the system Alice and Bob measure is correlated with a third system with input $C$ and outcome $Z$, then the overall behaviour of the devices, $P_{XYZ|ABC}$, must be non-signalling, i.e. satisfy

$P_{XY|ABC} = P_{XY|AB}, \qquad P_{YZ|ABC} = P_{YZ|BC}, \qquad P_{XZ|ABC} = P_{XZ|AC}.$ (1)

These conditions ensure that if three parties possess devices with this behaviour, no subset of the parties can signal to any other subset by varying their choice of input.



1. Alice randomly chooses $K$, such that $K = 0$ with probability $1 - \alpha$ and $K = 1$ with probability $\alpha$. She announces $K$ to Bob.

2. On the $i$th round, Alice picks a pair of values $(A_i, B_i)$ at random from the set $\mathcal{G}_N$ specified above, and announces them both to Bob¹.

3. Alice inputs $A_i$ into her device, and Bob $B_i$ into his, and they record their outputs, the bits $X_i$ and $Y_i$ respectively. (Alice ensures that her device doesn't learn $B_i$.) If $(A_i, B_i) = (0, 2N-1)$, Alice sets $X'_i = 1 - X_i$, otherwise she sets $X'_i = X_i$.

4. If $K = 0$, Alice and Bob announce $X'_i$ and $Y_i$. If $X'_i \neq Y_i$, they abort. Otherwise, they return to Step 1.

5. If $K = 1$, write $i = f$ (the final value of $i$). The bits $X'_f$ and $Y_f$ are taken to be the final shared secret key bit.

¹ In fact, Alice need only announce one of the two, but we have her announce both to make the analysis simpler.

As presented above, this protocol requires Alice's and Bob's devices to contain sufficient pre-shared entanglement before the protocol starts. Taken literally, this requires an infinite supply of pre-shared $|\Phi^+\rangle$ states. More realistically, it requires a large number $M \gg \alpha^{-1}$ of pre-shared $|\Phi^+\rangle$ states, and that the parties accept a small probability of the protocol aborting because the supply is exhausted. These stringent technological requirements can be avoided by introducing an additional (untrusted) state-creation device, which could be incorporated into Alice's or Bob's measurement device, and which is supposed to generate $|\Phi^+\rangle$ states and send one qubit over the insecure quantum channel to the other party. The $i$th state must be distributed before any information about the measurements $(A_i, B_i)$ or the value of $K$ is announced. This modification (call it Protocol R$^+$) gives Eve more cheating strategies but, as we show below, is still secure.
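The setup and Protocol R above, as an added worked example (this is not code from the paper): it builds the behaviour $P_{XY|AB}$ that Eve claims for the devices, assuming the measurement angles are $\theta_A = A\pi/2N$ and $\theta_B = B\pi/2N$ in the real bases quoted in the setup, evaluates the chained-Bell quantity $I_N$ that the security argument below is built on, and runs Protocol R round by round against those devices. The function names, the pseudo-random sampling and the closed form for the no-abort probability are the example's own.

```python
import math
import random
from itertools import product


def allowed_pairs(N):
    """G_N from the setup: (0, 2N-1) plus every (a, b) with a even, b odd and |a-b| = 1."""
    pairs = [(0, 2 * N - 1)]
    for a in range(0, 2 * N, 2):              # Alice's inputs 0, 2, ..., 2N-2
        pairs.append((a, a + 1))
        if a + 2 < 2 * N:
            pairs.append((a + 2, a + 1))
    assert len(pairs) == 2 * N                # |G_N| = 2N
    return pairs


def honest_behaviour(N):
    """P_{XY|AB} for the devices Eve claims to supply: |Phi+> measured in the real
    bases of the setup, at theta_A = A*pi/(2N) and theta_B = B*pi/(2N) (assumed reading)."""
    def basis(theta):
        return [(math.cos(theta / 2), math.sin(theta / 2)),
                (math.sin(theta / 2), -math.cos(theta / 2))]

    P = {}
    for a, b in allowed_pairs(N):
        va, vb = basis(a * math.pi / (2 * N)), basis(b * math.pi / (2 * N))
        for x, y in product((0, 1), repeat=2):
            # <v_x (x) w_y | Phi+> = (v_x . w_y) / sqrt(2) for real basis vectors
            dot = va[x][0] * vb[y][0] + va[x][1] * vb[y][1]
            P[(a, b, x, y)] = dot * dot / 2
    return P


def chained_bell_I(P, N):
    """I_N(P_{XY|AB}): P(X=Y | 0, 2N-1) plus P(X!=Y | a, b) over the adjacent pairs."""
    total = 0.0
    for a, b in allowed_pairs(N):
        if (a, b) == (0, 2 * N - 1):
            total += P[(a, b, 0, 0)] + P[(a, b, 1, 1)]
        else:
            total += P[(a, b, 0, 1)] + P[(a, b, 1, 0)]
    return total


def quantum_I(N):
    """Closed form of the honest value, 2N sin^2(pi/4N)."""
    return 2 * N * math.sin(math.pi / (4 * N)) ** 2


def quantum_upper_bound(N):
    """pi^2/(8N), the bound the paper quotes for the honest value."""
    return math.pi ** 2 / (8 * N)


def run_protocol_r(N, alpha, P, rng, max_rounds=10 ** 6):
    """One execution of Protocol R against devices with joint behaviour P.
    Returns ('key', x_prime, y) or ('abort', round_number)."""
    pairs = allowed_pairs(N)
    for i in range(1, max_rounds + 1):
        k = 1 if rng.random() < alpha else 0        # Step 1
        a, b = rng.choice(pairs)                    # Step 2
        r, x, y = rng.random(), 0, 0                # Step 3: sample (x, y) ~ P_{XY|ab}
        for x, y in product((0, 1), repeat=2):
            r -= P[(a, b, x, y)]
            if r <= 0:
                break
        x_prime = 1 - x if (a, b) == (0, 2 * N - 1) else x
        if k == 0:                                  # Step 4: test round
            if x_prime != y:
                return ('abort', i)
            continue
        return ('key', x_prime, y)                  # Step 5: key round
    raise RuntimeError("round limit reached")


def no_abort_probability(N, alpha, I):
    """Exact chance that Protocol R ends with a key bit when every round has the same I_N = I:
    a round stops with probability alpha, aborts with probability (1-alpha)*I/(2N)
    (P(X'!=Y) averaged over the uniform choice in G_N), and otherwise repeats."""
    stop, abort = alpha, (1 - alpha) * I / (2 * N)
    return stop / (stop + abort)


def estimate_no_abort(N, alpha, trials, seed=1):
    """Monte Carlo estimate of the same quantity for the honest devices."""
    rng, P = random.Random(seed), honest_behaviour(N)
    keys = sum(1 for _ in range(trials) if run_protocol_r(N, alpha, P, rng)[0] == 'key')
    return keys / trials


if __name__ == "__main__":
    for N in (2, 10, 100):
        print(N, chained_bell_I(honest_behaviour(N), N), quantum_I(N), quantum_upper_bound(N))
    print("no-abort, N=2, alpha=0.5:", no_abort_probability(2, 0.5, quantum_I(2)),
          estimate_no_abort(2, 0.5, 20000))
```

The honest devices give $I_N = 2N\sin^2(\pi/4N)$, which shrinks like $1/N$; a test round aborts with probability $I_N/2N$, so the simulated abort rate agrees with the geometric-series formula in `no_abort_probability`.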



Security — main idea

The idea behind the security of this protocol is as follows. If the states and measurements are as Eve claims, then the quantity $I_N$ defined by

$I_N = I_N(P_{XY|AB}) := P(X = Y \mid A = 0, B = 2N-1) + \sum_{a,b:\ |a-b|=1} P(X \neq Y \mid A = a, B = b)$

satisfies a bound, labelled (2) in the original and missing from the extracted text. As $N$ increases, these correlations give larger violations of the chained Bell inequalities [18, 19], which in this formulation are $I_N \ge 1$.

The significance of this violation of the chained Bell inequalities for secrecy is that, in the limit of large $N$, the correlations that achieve the quantum bound (2) become monogamous and uniform [5, 14]. That is, for any non-signalling distribution $P_{XYZ|ABC}$ for which $I_N(P_{XY|AB})$ is small, and for any choice of input $c$, the outcome $Z$ is virtually uncorrelated with $X$, and $P_{X|A=a}$ is virtually indistinguishable from uniform, for all $a$.² In other words, if Alice's and Bob's systems have a low $I_N$, then Eve (who we can take to hold the system with input $C$ and output $Z$) must have almost no information about the outcomes they obtain. The protocol is designed so that (roughly speaking) if Eve supplies states for which there are many rounds in the protocol where $I_N$ is high, the protocol is likely to abort, while if she supplies a state that has high $I_N$ on only a few rounds, the round at which Alice and Bob finally (hope to) create the key bit is likely to have low $I_N$, and so the key bit is likely to be indeed both agreed by Alice and Bob and secure against Eve.

Our main result is that, if we choose $\alpha = N^{-3/2}$ and take $N$ to be large, Protocol R is unconditionally secure, in the sense that the key bit it generates can be treated as though produced by a secure random key distribution oracle. Provided that the devices are not reused and are securely isolated, so that secret information generated in the protocol cannot subsequently be made public [15], this also shows that the generated key bit is composably secure.

Although the protocol generates only a single key bit, it can be simply modified to generate more key bits, still using only two devices, based on correlations introduced in [14]. The modified protocol uses devices with $L > 2$ outcomes on each side and $I_N$ is replaced by the quantity

$I_{N,L}(P_{XY|AB}) := P(X \oplus_L 1 \neq Y \mid A = 0, B = 2N-1) + \sum_{a,b:\ |a-b|=1} P(X \neq Y \mid A = a, B = b),$

where $X \oplus_L 1$ represents addition modulo $L$. This protocol can be implemented by quantum devices containing maximally entangled $L$-dimensional quantum states and carrying out measurements with $L$ possible outcomes [14].

The next section contains a precise statement and proof of security for Protocol R.

Security definition



We use here a standard definition of composable security (based on the definitions in [20], previously applied in an analogous way to our treatment in [15, 21]). A composable security definition should ensure that a protocol is not only secure for a single instance, but that it remains secure if used as a sub-protocol in part of an arbitrary extended protocol. In order to show this, one considers an ideal protocol (that is by definition secure) and proves that there is no extended protocol that can correctly guess whether it is interfacing with the ideal or real protocol with probability significantly greater than $\frac{1}{2}$. Roughly speaking, the idea is that if this holds, the two protocols behave essentially identically when used as part of any other protocol. Furthermore, if the probability of correctly guessing differs from $\frac{1}{2}$ by at most $p$, then, for $n$ uses of either the real protocol or ideal, the probability of correctly guessing differs from $\frac{1}{2}$ by at most $np$.

² A note about the notation used in this paper. We tend to use upper case for random variables, and lower case for particular instances of them. In addition, $P_{X|A=a}$ is the distribution over the random variable $X$ conditioned on the event that random variable $A$ takes value $a$. This will often be abbreviated to $P_{X|a}$. There is another common notation in which this is written $P(X|A=a)$.

Formally, one considers a distinguisher that tries to guess which protocol (the real or ideal) is being used. For two key distribution protocols, 1 and 2, a distinguisher is an extended protocol that uses the candidate protocol as a sub-protocol, and outputs a single bit, corresponding to a guess of whether the sub-protocol was protocol 1 or 2. The distinguisher can ask the eavesdropper to act in any way³, and can use Eve's outputs, those of the honest parties and any information made public in the protocol's implementation to try to distinguish the two. It does not, however, have access to any private data that the honest users use.

Let us denote by $T$ the complete set of random variables the distinguisher receives from Alice and Bob during the protocol, as well as the protocol's outputs. If Protocol 1 is followed, these are distributed according to $Q^1_T$, while if Protocol 2 is followed, these are distributed according to $Q^2_T$ (for some fixed device behaviour chosen by Eve). Having received these, the distinguisher has access to a system (held by Eve) with input denoted $C$, and output $Z$. The probability of correctly guessing whether Alice and Bob are following Protocol 1 or 2 (chosen with probability $\frac{1}{2}$ each) is given by⁴

$\frac{1}{2}\left(1 + \frac{1}{2}\sum_{\tau}\max_c\sum_z \left|Q^1_T(\tau)\,Q^1_{Z|\tau c}(z) - Q^2_T(\tau)\,Q^2_{Z|\tau c}(z)\right|\right).$ (3)

The notion of security we use is based on the success probability of the optimal distinguisher (i.e. where the distinguisher asks Eve to behave in such a way as to make distinguishing easiest)⁵.



³ Note that what Eve does can be adapted depending on any information available to the distinguisher.

⁴ Note that in the case that Eve keeps only a classical system (so there is no $c$), this reduces to $\frac{1}{2}(1 + D(P^1_{TZ}, P^2_{TZ}))$, where $D$ denotes the total variation distance (defined later).

⁵ A note on notation: we characterize the behaviour of the devices by the joint conditional probabilities of the outputs if the inputs are chosen independently, and label these using $P$. For example, in the case of three devices shared between Alice, Bob and Eve, these are denoted $P_{XYZ|ABC}$ and are assumed to satisfy the no-signalling conditions (1). We use expressions involving $Q$ (e.g., $Q_{TCZ}$) to denote the actual distribution of random variables in the scenario where a protocol is being performed on these systems in conjunction with a distinguisher. There is an important distinction between the two: since a distinguisher can arrange that $C$ is correlated with $T$, $Q$ may no longer obey the no-signalling conditions (1). For example, if $T$ includes the output, $X$, of Alice's device (whose input is $A$), and the distinguisher chooses $C = X$, the non-signalling condition $Q_{X|AC} = Q_{X|A}$ does not generally hold.



Definition 1. Protocol 1 is said to be $\xi$-secure with respect to Protocol 2 if the probability of correctly guessing whether a candidate protocol is Protocol 1 or 2 (chosen with probability $\frac{1}{2}$ each) by any distinguisher is at most $\frac{1}{2} + \xi$.

We define an ideal protocol, Protocol ID, to be identical to Protocol R, except that Step 5 is replaced by

5'. If $K = 1$, Alice and Bob take their outputs from a hypothetical device that gives $X$ to Alice, and $Y$ to Bob such that $X = Y$ and $X$ is uniformly distributed and uncorrelated with any other information.

This protocol either aborts (with the same probability as Protocol R), or outputs the same perfectly private bit to both Alice and Bob.

In order to prove security of Protocol R, it is useful to define a modified protocol, to be used as a technical tool in the proof. We consider a protocol that is the same as Protocol R, except with a more powerful eavesdropper who, before the protocol restarts at the end of Step 4, has access to all the data previously produced and can alter Alice's and Bob's devices at this stage. Formally, let Protocol R' be identical to Protocol R, except that Step 4 is replaced by

4'. If $K = 0$, Alice and Bob publicly announce their outputs $X'_i$ and $Y_i$. If $X'_i \neq Y_i$, they abort. Otherwise, they return their devices to Eve who can modify them and supply new ones. Alice and Bob both announce receipt of their new devices, before returning to Step 1.

We also define an analogous ideal, Protocol ID', which is obtained from Protocol ID by replacing Step 4 with Step 4'.

The reason for this adjustment is that Protocol R' clearly cannot be more secure than Protocol R (the set of allowed actions of Eve in Protocol R' is strictly larger than that in Protocol R). Hence it is sufficient to prove security of Protocol R'. But the analysis of Protocol R' is relatively simple, because the optimal distinguisher will ask the eavesdropper to act in an independent and identically distributed (i.i.d.) way on each round, and is essentially characterized by the single constant value of $I_N$ used on each round.

We will show that Protocol R' is $\xi$-secure with respect to Protocol ID', where the parameter $\xi$ can be made arbitrarily small by appropriate choices of $\alpha$ and $N$. Since both protocols have identical probabilities of aborting, an abort event cannot help the distinguisher. Furthermore, in any strategy with a significant probability of not aborting, the protocols remain virtually indistinguishable. This shows that Protocol R' is composably secure in the appropriate sense. As mentioned before, it follows that Protocol R is also $\xi$-secure with respect to Protocol ID and hence also composably secure.
Security proof

The proof bounds the probability of distinguishing Protocols R' and ID'. First, note that there is an optimal distinguishing strategy in which Eve's actions are i.i.d. since, if it does not abort, when the protocol returns to Step 1 the maximum probability of distinguishing the protocols is identical to that before the protocol began.

We use the following lemma, that uses $I_N$ to bound the distance between probability distributions, measured using the total variation distance, $D(P_X, Q_X) := \frac{1}{2}\sum_x |P_X(x) - Q_X(x)|$. The proof of this lemma can be found in [22, Supplementary Information] (and is based on similar results in [5, 14, 23]):

Lemma 2. [22] For any non-signalling device behaviour, $P_{XYZ|ABC}$, in which $X$ and $Y$ are binary, we have

$D(P_{Z|abcx}, P_{Z|c}) \le I_N(P_{XY|AB})$ (4)

for all $a, b, c$ and $x$, and

$D(P_{X|abc}, \tfrac{1}{2}) \le \tfrac{1}{2} I_N(P_{XY|AB})$ (5)

for all $a, b$ and $c$.

(Note: We use $D(P_{X|abc}, \tfrac{1}{2})$ to denote the distance between $P_{X|abc}$ and the distribution where $X = 0$ and $X = 1$ both occur with probability $\tfrac{1}{2}$.)



Note that these relations imply

$D(P_{Z|abc,X'=x}, P_{Z|c}) \le I_N(P_{XY|AB})$ (6)

and

$D(P_{X'|ab}, \tfrac{1}{2}) \le \tfrac{1}{2} I_N(P_{XY|AB}).$ (7)



Note also that, from the definition of $I_N$, averaging over the measurements in $\mathcal{G}_N$ (picked uniformly), we have

$P(X' \neq Y) := \sum_{(a,b)\in\mathcal{G}_N} \frac{1}{2N} \sum_x P_{X'Y|ab}(x, 1-x) = \frac{I_N(P_{XY|AB})}{2N}.$ (8)

We also need the following generalization of (5):



Lemma 3. For any non-signalling device behaviour, $P_{XYZ|ABC}$, in which $X$ and $Y$ are binary, and $I_N := I_N(P_{XY|AB}) < 1$, we have that, for $(a,b) \in \mathcal{G}_N$,

$D(P_{Z|abc,X'=x,Y=x}, P_{Z|abc,X'=x}) \le \frac{2 I_N}{1 - I_N}.$ (9)

Proof. We have

$P_{Z|abc,X'=x,Y=x}(z) - P_{Z|abc,X'=x}(z) = P_{Z|abc,X'=x,Y=x}(z) - \sum_y P_{YZ|abc,X'=x}(y, z)$
$= P_{Z|abc,X'=x,Y=x}(z) - P_{Y|abc,X'=x}(x)\,P_{Z|abc,X'=x,Y=x}(z) - P_{Y|abc,X'=x}(1-x)\,P_{Z|abc,X'=x,Y=1-x}(z)$
$= \left(1 - P_{Y|abc,X'=x}(x)\right)\left(P_{Z|abc,X'=x,Y=x}(z) - P_{Z|abc,X'=x,Y=1-x}(z)\right)$

and hence

$D(P_{Z|abc,X'=x,Y=x}, P_{Z|abc,X'=x}) = \left(1 - P_{Y|abc,X'=x}(x)\right) D(P_{Z|abc,X'=x,Y=x}, P_{Z|abc,X'=x,Y=1-x}) \le 1 - P_{Y|abc,X'=x}(x).$

Then note that averaging over the measurements in $\mathcal{G}_N$, using (8) we have

$1 - \frac{I_N}{2N} = \frac{1}{2N}\sum_{(a',b')\in\mathcal{G}_N}\sum_x P_{X'Y|a'b'}(x,x) \le \frac{1}{2N}\left(\sum_x P_{X'Y|ab}(x,x) + 2N - 1\right),$

from which it follows that

$\sum_x P_{X'Y|ab}(x,x) \ge 1 - I_N,$

and hence

$P_{Y|abc,X'=x}(x) = \frac{P_{X'Y|abc}(x,x)}{P_{X'|abc}(x)} \ge \frac{1 - I_N - P_{X'Y|abc}(1-x,1-x)}{P_{X'|ab}(x)} \ge \frac{1 - I_N - (1 - P_{X'|ab}(x))}{P_{X'|ab}(x)} \ge 1 - \frac{2 I_N}{1 - I_N},$

where we used (7) in the last line. Note that the last step does not hold unless $I_N < 1$. The claimed relation then follows. □

Combining (9) and (6) (using the triangle inequality for $D$), we have for $I_N < 1$

$D(P_{Z|abc,X'=x,Y=x}, P_{Z|c}) \le \left(1 + \frac{2}{1 - I_N}\right) I_N.$ (10)

To successfully distinguish the protocols it is necessary that they do not abort before the final round. We use $\perp$ to represent the event that the protocol aborts, and $\bar{\perp}$ to represent the event that it does not.

Lemma 4. For $0 \le I_N \le 2N$, if Protocol R' is followed, and Eve supplies i.i.d. states corresponding to non-signalling device behaviours with $I_N(P_{X_iY_i|A_iB_i}) = I_N$ for all $i$, then

$Q(\bar{\perp}) = \left(1 + \frac{(1-\alpha) I_N}{2N\alpha}\right)^{-1}.$

Proof. We have

$Q(F = f) = \left((1-\alpha)\left(1 - \frac{I_N}{2N}\right)\right)^{f-1}\alpha$

and hence, summing this geometric series over $f \ge 1$,

$Q(\bar{\perp}) = \frac{\alpha}{1 - (1-\alpha)(1 - I_N/2N)} = \left(1 + \frac{(1-\alpha) I_N}{2N\alpha}\right)^{-1},$

as required. □

Our main result is then as follows.

Theorem 5. Take $\alpha = N^{-3/2}$. Then Protocol R' is $\xi$-secure with respect to ID' for $\xi = \frac{23}{4} N^{-1/2}$. Furthermore, in a noise-free implementation with honest devices, Protocol R' does not abort with probability greater than $1 - \frac{\pi^2}{16} N^{-1/2}$.

Proof. As mentioned above, Protocols R' and ID' can be optimally distinguished when the eavesdropper supplies i.i.d. states, and so her device behaviour can be characterized by a single value, $I_N$, the value of $I_N(P_{X_iY_i|A_iB_i})$ on each round $i$. The two protocols are identical up to Step 5, and so can be distinguished only if the protocol does not abort. In the case of no abort, the distinguisher sees $A_f, B_f, X'_f$ and $Y_f$, and then has access to a system with input $C$ and output $Z$. (The distinguisher also has data from previous rounds, but these are identically distributed for Protocols R' and ID', and so can be ignored.) Noting that the device behaviour of the ideal obeys

$P^{ID'}_{X'YZ|abc}(x, y, z) := \tfrac{1}{2}\delta_{x,y} P_{Z|c}(z),$

we can relate the terms in (3) to the device behaviours of the real and ideal as follows:

$Q^{R'}_{A_fB_fX'_fY_f} = \frac{1}{2N} P^{R'}_{X'_fY_f|A_fB_f}, \qquad Q^{R'}_{Z|A_fB_fCX'_fY_f} = P^{R'}_{Z|A_fB_fCX'_fY_f},$
$Q^{ID'}_{A_fB_fX'_fY_f} = \frac{1}{4N}\delta_{x,y}, \qquad Q^{ID'}_{Z|A_fB_fCX'_fY_f} = P^{R'}_{Z|C}.$

For convenience, we drop the subscript $f$ in the following.

We will consider two separate cases. The first is $I_N \ge 1/2$. In this case, we can upper bound the probability of correctly distinguishing the protocols by assuming that they can be perfectly distinguished in the case that the protocol does not abort. Using Lemma 4, it follows that in this case the probability of correctly guessing which protocol is being used can be upper bounded by

$\frac{1}{2}\left(1 + Q(\bar{\perp})\right) \le \frac{1}{2}\left(1 + 4N^{-1/2}\right),$

where we have substituted the value of $\alpha$ and used

$\left(1 + 4N^{-1/2} - N^{-3/2}\right)^{-1} \le 1$ (11)

for $N \ge 2$ to simplify the bound.

Turning now to the case $I_N < 1/2$, the probability of correctly guessing which protocol is being followed is $\frac{1}{2}\left(1 + Q(\bar{\perp})\Delta\right)$, where

$\Delta := \frac{1}{2}\sum_{\substack{a,b,x,y \\ (a,b)\in\mathcal{G}_N}} \max_c \sum_z \left|Q^{R'}_{abx'y}\,Q^{R'}_{z|abcx'y} - Q^{ID'}_{abx'y}\,Q^{ID'}_{z|abcx'y}\right|$
$= \frac{1}{4N}\sum_{\substack{a,b,x,y \\ (a,b)\in\mathcal{G}_N}} \max_c \sum_z \left|P_{X'Y|ab}(x,y)\,P_{Z|abcxy}(z) - \tfrac{1}{2}\delta_{x,y}\,P_{Z|c}(z)\right|$
$= \frac{1}{4N}\sum_{\substack{a,b,x,y \\ (a,b)\in\mathcal{G}_N,\ x=y}} \max_c \sum_z \left|P_{X'Y|ab}(x,y)\,P_{Z|abcxy}(z) - \tfrac{1}{2} P_{Z|c}(z)\right| + \frac{1}{4N}\sum_{\substack{a,b,x,y \\ (a,b)\in\mathcal{G}_N,\ x\neq y}} \max_c \sum_z P_{X'Y|ab}(x,y)\,P_{Z|abcxy}(z).$

The second term is equal to $\frac{1}{4N}\sum_{a,b,x,y:\,(a,b)\in\mathcal{G}_N,\,x\neq y} P_{X'Y|ab}(x,y) = \frac{1}{2}P(X' \neq Y)$, and the first term is equal to

$\frac{1}{4N}\sum_{\substack{a,b,x \\ (a,b)\in\mathcal{G}_N}} \max_c \sum_z \left|P_{X'Y|ab}(x,x)\,P_{Z|abcxx}(z) - \tfrac{1}{2} P_{Z|c}(z)\right|.$

Then note that

$\sum_z \left|P_{X'Y|ab}(x,x)\,P_{Z|abcxx}(z) - \tfrac{1}{2} P_{Z|c}(z)\right| \le \sum_z \left|P_{X'Y|ab}(x,x)\,P_{Z|abcxx}(z) - P_{X'Y|ab}(x,x)\,P_{Z|c}(z)\right| + \sum_z \left|P_{X'Y|ab}(x,x)\,P_{Z|c}(z) - \tfrac{1}{2} P_{Z|c}(z)\right|$
$\le 2 P_{X'Y|ab}(x,x)\left(\frac{2 I_N}{1 - I_N} + I_N\right) + \left|P_{X'Y|ab}(x,x) - \tfrac{1}{2}\right|,$

where we have used (10). In addition,

$\left|P_{X'Y|ab}(x,x) - \tfrac{1}{2}\right| \le \left|P_{X'Y|ab}(x,x) - P_{X'|ab}(x)\right| + \left|P_{X'|ab}(x) - \tfrac{1}{2}\right| = P_{X'|ab}(x) - P_{X'Y|ab}(x,x) + \left|P_{X'|ab}(x) - \tfrac{1}{2}\right|.$

Bringing everything together, we have

$\Delta \le \frac{1}{4N}\sum_{\substack{a,b,x \\ (a,b)\in\mathcal{G}_N}} \left( 2 P_{X'Y|ab}(x,x)\left(\frac{2 I_N}{1 - I_N} + I_N\right) + P_{X'|ab}(x) - P_{X'Y|ab}(x,x) + \left|P_{X'|ab}(x) - \tfrac{1}{2}\right| \right) + \frac{1}{2}P(X' \neq Y)$
$\le \left(\frac{2 I_N}{1 - I_N} + I_N\right)\left(1 - P(X' \neq Y)\right) + \frac{1}{2}P(X' \neq Y) + \frac{I_N}{2} + \frac{1}{2}P(X' \neq Y)$
$= \left(\frac{2}{1 - I_N} + 1\right) I_N \left(1 - \frac{I_N}{2N}\right) + \frac{I_N}{2} + \frac{I_N}{2N} \le \frac{23\, I_N}{4},$

where we used (7), (8), and the last bound relies on $I_N \le 1/2$ and $N \ge 2$. The distinguisher's probability of correctly guessing is thus

$\frac{1}{2}\left(1 + Q(\bar{\perp})\Delta\right) \le \frac{1}{2}\left(1 + \left(1 + \frac{(1-\alpha) I_N}{2N\alpha}\right)^{-1} \frac{23\, I_N}{4}\right).$

Maximizing over $0 \le I_N \le 1/2$ gives a maximum of $\frac{1}{2}\left(1 + \frac{23 N\alpha}{2(4N\alpha + 1 - \alpha)}\right)$ at $I_N = 1/2$. Substituting $\alpha = N^{-3/2}$ and using (11), we can upper bound this by $\frac{1}{2}\left(1 + \frac{23}{2} N^{-1/2}\right)$. Since we have already established a tighter bound for $I_N \ge 1/2$, this completes the first part of the claim.

The probability of an abort in the case that Eve supplies honest devices (and there is no noise) can be calculated as in Lemma 4 except that in this situation, each round has $I_N = I_N^{QM} \le \pi^2/8N$ (cf. (2)). The probability that the protocol does not abort is then

$\left(1 + \frac{(1-\alpha) I_N^{QM}}{2N\alpha}\right)^{-1} \ge 1 - \frac{\pi^2}{16 N^2 \alpha},$ (12)

from which the claim is recovered by substituting the value of $\alpha$. □

For sufficiently large $N$, we can hence make $\xi$ as close to 0 as we like, at the same time as making the probability of an abort in the absence of Eve close to 0.

Finally, since, by construction, it is harder to distinguish Protocol R from Protocol ID than it is to distinguish Protocol R' from ID', Protocol R is also $\xi$-secure with respect to Protocol ID for the same $\xi$, and an analogous statement can be made about Protocol R$^+$. Clearly, too, when Eve is honest and noise is absent, Protocols R, R' and R$^+$ all have the same abort probability, in each case bounded by (12).
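As an added numerical illustration of Lemma 4 and Theorem 5 (this is not code from the paper): it takes $\alpha = N^{-3/2}$ and $\xi = \frac{23}{4}N^{-1/2}$ as read from the theorem statement above, the honest value $I_N = 2N\sin^2(\pi/4N)$, and computes the guessing-probability bound $\frac{1}{2} + \xi$, the exact no-abort probability of Lemma 4 next to the bound (12), the factor in (11), and the expected number of rounds, which is where the protocol pays for its security. The helper names are the example's own.

```python
import math

XI_COEFF = 23 / 4                 # xi = (23/4) N^{-1/2}, as read from Theorem 5
PI_SQ_OVER_16 = math.pi ** 2 / 16


def alpha_of(N):
    """The key-round probability Theorem 5 fixes: alpha = N^{-3/2}."""
    return N ** -1.5


def honest_I(N):
    """I_N for noise-free honest devices, 2N sin^2(pi/4N) <= pi^2/(8N)."""
    return 2 * N * math.sin(math.pi / (4 * N)) ** 2


def no_abort_probability(N, alpha, I):
    """Lemma 4: Q(no abort) = (1 + (1-alpha) I / (2N alpha))^{-1}."""
    return 1 / (1 + (1 - alpha) * I / (2 * N * alpha))


def no_abort_lower_bound(N):
    """The bound (12) after substituting alpha: 1 - pi^2 / (16 sqrt(N))."""
    return 1 - PI_SQ_OVER_16 / math.sqrt(N)


def xi(N):
    """Distinguishing advantage bound of Theorem 5."""
    return XI_COEFF / math.sqrt(N)


def expected_rounds(N, alpha, I):
    """Mean number of rounds until the protocol stops (with a key or an abort):
    each round ends it with probability alpha + (1-alpha) I / (2N)."""
    return 1 / (alpha + (1 - alpha) * I / (2 * N))


def eq11_factor(N):
    """(1 + 4 N^{-1/2} - N^{-3/2})^{-1}, which (11) says is at most 1 for N >= 2."""
    return 1 / (1 + 4 / math.sqrt(N) - N ** -1.5)


def min_N_for_xi(target):
    """Smallest N >= 2 whose xi(N) is at most the target advantage."""
    N = max(2, math.ceil((XI_COEFF / target) ** 2))
    while N > 2 and xi(N - 1) <= target:
        N -= 1
    while xi(N) > target:
        N += 1
    return N


def summary(N):
    """All the figures of merit for one choice of N."""
    a, I = alpha_of(N), honest_I(N)
    return {
        "N": N, "alpha": a, "xi": xi(N),
        "guess_prob_bound": 0.5 + xi(N),
        "no_abort_exact": no_abort_probability(N, a, I),
        "no_abort_bound": no_abort_lower_bound(N),
        "expected_rounds": expected_rounds(N, a, I),
    }


if __name__ == "__main__":
    for N in (10 ** 4, 10 ** 6, 10 ** 8):
        s = summary(N)
        print(f"N={N:>9}  guess<= {s['guess_prob_bound']:.5f}  "
              f"no-abort>= {s['no_abort_bound']:.5f}  rounds~ {s['expected_rounds']:.3g}")
    print("smallest N with xi <= 0.01:", min_N_for_xi(0.01))
```

Because $\alpha = N^{-3/2}$, the expected number of rounds grows like $N^{3/2}$ while $\xi$ only falls like $N^{-1/2}$: pushing the guessing probability to within $0.01$ of $\frac{1}{2}$ already needs $N$ in the hundreds of thousands and of the order of $10^8$ rounds, which is the inefficiency the paper acknowledges.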



Attacks on modified protocols by a post-quantum eavesdropper

Protocol R relies on a probabilistic strategy in which Alice and Bob sequentially either (with high probability) test a purported entangled state generated by their devices or (with low probability) generate a key bit from the state and immediately end the protocol. We consider below two seemingly natural modifications of Protocol R and highlight some interesting attacks available to an eavesdropper in such cases. The first of our modified protocols can be broken by a quantum eavesdropper and the second can be broken by an eavesdropper restricted only by signalling constraints.

Protocol S

This protocol is specified by positive integers $M$ and $N$.

1. On the $i$th round, Alice picks a pair of values $(A_i, B_i)$ at random from the set $\mathcal{G}_N$, and announces $B_i$ to Bob.

2. Alice inputs $A_i$ into her device, and Bob $B_i$ into his, and they record their outcomes, the bits $X_i$ and $Y_i$ respectively. (Alice ensures that her device doesn't learn $B_i$.) If $(A_i, B_i) = (0, 2N-1)$, Alice sets $X'_i = 1 - X_i$, otherwise she sets $X'_i = X_i$. The protocol returns to Step 1 unless $i = M$.

3. Alice randomly chooses an integer $1 \le f \le M$ and announces it to Bob.

4. Alice and Bob publicly announce $X'_i$ and $Y_i$ for all $i \neq f$. If any of their announced values are unequal, they abort.

5. The bits $X'_f$ and $Y_f$ are taken to be the final shared bit.

This protocol is similar in spirit to the original BHK protocol [5], and vulnerable to the same kind of attack in the scenario where Alice and Bob have only one device each.

In this case, if Eve equips her devices with memory, she has a simple attack. She programs her devices to behave honestly until the final ($M$th) round. On this round, Alice's device outputs the xor of the previous outputs, i.e. $\bigoplus_{i=1}^{M-1} X_i$, and Bob's device outputs a random bit. This attack leads to a probability of abort close to $\frac{1}{2}$, and otherwise enables Eve to perfectly guess the final output bit. Crucially, the success probability of this strategy cannot be made small by adjusting $M$ and $N$.

Define Protocol T by altering Step 4 of Protocol S to circumvent this attack:

4'. For all $i \neq f$, Alice chooses $L_i = 0$ with probability $\beta$ and $L_i = 1$ with probability $1 - \beta$. She announces this list to Bob. For all the rounds in which $L_i = 1$, Alice and Bob publicly announce their outcomes. If any of their announced values are unequal, they abort.

With this modification, making the final output the XOR of the previous ones does not give Eve significant information, since Eve no longer learns all but one of the outputs, $\{X_i\}$. However, there is another attack that a post-quantum non-signalling eavesdropper can use in this case, which allows her to learn the final bit, again with a probability of success that cannot be made small for any choice of $M$ and $N$. This attack exploits some subtle properties of non-local correlations and cannot be performed by a quantum-limited eavesdropper.

The attack is based on a result in [24] and involves non- 
local boxes [25, 26]. These are bipartite systems where 
each party has two choices of input and receives one of 
two outputs. If we denote the inputs x ∈ {0, 1} and 
z ∈ {0, 1} and the respective outputs α ∈ {0, 1} and 
γ ∈ {0, 1}, then the non-local box is a non-signalling 
device which outputs according to x·z = α ⊕ γ. 

The attack is as follows. Eve constructs Alice's device 
such that it contains both a set of maximally entangled 
quantum states shared with Bob, and a set of non-local 
boxes shared with Eve (the same number of each). For 
the first M − 1/β rounds of the protocol, Alice's device 
generates its output by making quantum measurements 
as in an honest implementation of the protocol. How- 
ever, as well as supplying the measurement outcome to 
the output port of the device (so that Alice sees it), the 
outcome is also used as input to one of the non-local 
boxes, generating an output (call it α_i). (Bob's device 
behaves honestly in the first M − 1/β rounds, and outputs 
predetermined random bits in the remaining ones.) 

In the last 1/β rounds, Alice's device instead always out- 
puts the XOR of all the previous non-local box outputs, 
i.e. ⊕_i α_i. (Although this may look suspicious, it does 
not violate the stated security tests. In any case it could 
easily be masked by shared randomness between Alice's 
device and Eve.) With reasonable probability, Eve will 
learn this bit (on each round of the protocol, the chance 
that the output of that round is communicated between 
Alice and Bob is β, so, of the last 1/β rounds, on average 1 will be 
communicated). For each bit of the last 1/β that is com- 
municated there is a probability 1/2 of being detected 
by Alice and Bob, so this strategy implies a significant 
probability that Eve will be detected. However, the prob- 
ability that this attack works without detection is inde- 
pendent of N and M and at least 

If Eve learns ⊕_i α_i, she can determine the key bit, 
X_f. To see this, notice the non-local box condition is 
X_i·Z_i = α_i ⊕ γ_i, where Z_i are the inputs and γ_i the outputs 
of Eve's half of the non-local box. Eve should input 0 to 
all of her halves of the non-local boxes, except the f-th 
one in which she inputs 1. We have 

$$X_f = \bigoplus_i (X_i \cdot Z_i) = \bigoplus_i (\alpha_i \oplus \gamma_i) = \bigoplus_i \alpha_i \oplus \bigoplus_i \gamma_i .$$

Therefore, provided she has obtained the bit ⊕_i α_i, Eve 
can determine the final bit output by the protocol, X_f. 
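To make the box algebra and the detection trade-off concrete, here is a Python simulation of Protocol T under the non-local-box attack just described; it is an added illustration, not code from the paper. The PR boxes and the honest rounds are classical stand-ins (a uniform α_i with γ_i = α_i ⊕ x_i z_i, and noise-free rounds in which Alice's and Bob's bits simply agree, so the input/flip bookkeeping of Steps 1-2 is omitted); all function and parameter names are my own.

```python
import random

def xor_all(bits):
    acc = 0
    for b in bits:
        acc ^= b
    return acc

def pr_box(x, z):
    """Classical stand-in for one non-local (PR) box: returns (alpha, gamma) with
    x*z = alpha XOR gamma and alpha uniform. Used only to check the algebra; no
    local classical device actually realises this non-signalling behaviour."""
    alpha = random.getrandbits(1)
    return alpha, alpha ^ (x & z)

def attack_protocol_t(M, beta, f):
    """One run of the attack on Protocol T. Assumed simplification: an honest
    round gives Alice and Bob equal bits X_i = Y_i, and the announced index f
    lies in the honest part, 1 <= f <= M - 1/beta.
    Returns (aborted, eve_learned_s, eve_guess, X_f)."""
    K = round(1 / beta)                        # the last 1/beta rounds are attacked
    assert 1 <= f <= M - K
    X, Y, alphas, gammas = [], [], [], []
    for i in range(1, M - K + 1):              # honest rounds; outcome also fed to a box
        x = random.getrandbits(1)
        X.append(x); Y.append(x)
        a, g = pr_box(x, 1 if i == f else 0)   # Eve inputs 1 only to her f-th box half
        alphas.append(a); gammas.append(g)
    s = xor_all(alphas)                        # XOR of all box outputs on Alice's side
    for _ in range(K):                         # last K rounds: Alice's device outputs s,
        X.append(s); Y.append(random.getrandbits(1))   # Bob's outputs predetermined random bits
    # Step 4': every round i != f is announced with probability beta (L_i = 1)
    announced = [i for i in range(1, M + 1) if i != f and random.random() < beta]
    aborted = any(X[i - 1] != Y[i - 1] for i in announced)
    eve_learned_s = any(i > M - K for i in announced)   # s was sent over the public channel
    guess = s ^ xor_all(gammas) if eve_learned_s else None  # X_f = XOR alpha_i XOR XOR gamma_i
    return aborted, eve_learned_s, guess, X[f - 1]

def undetected_success_rate(M, beta, f, trials, seed=1):
    """Fraction of runs in which the protocol does not abort and Eve learns X_f."""
    random.seed(seed)
    wins = 0
    for _ in range(trials):
        aborted, learned, guess, key = attack_protocol_t(M, beta, f)
        assert not learned or guess == key     # the box algebra makes the guess exact
        wins += (not aborted) and learned
    return wins / trials
```

With β = 0.1 the undetected-success fraction sits near (1 − β/2)^{1/β} − (1 − β)^{1/β} ≈ 0.25 regardless of M, which is the point of the paragraph above.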

Attacking more noise-tolerant protocols 

In this section, we consider some extensions of the type 
of attack considered in the previous section to two-device 
protocols that (if secure) would be more efficient and 
tolerate more noise. 
In all device-independent key distribution protocols, 
one needs, in essence, to establish the presence of non- 
local correlations. In order to do so, the detection loop- 
hole must be closed. In other words, a malicious de- 
vice should not be able to exploit detector failures (cases 
where no outcome is observed) to give the false illusion 
of non-locality in the non-failure cases. 

Protocols based on chained Bell correlations with large 
N are not well-suited to this, since as N increases, it be- 
comes increasingly difficult to close the detection loop- 
hole (the correlations can be classically explained if the 
probability of detector failure is ■h). This drawback is not 
limited to the two-device case, and alternative protocols 
tolerating modest levels of noise have been introduced 
in the case where more devices are permitted [HI, EH]. 
We now consider the extension of these protocols to the 
two-device case. We do not give a proof that all such pro- 
tocols are insecure, but give an example that highlights 
interesting security issues that can arise in the presence 
of non-signalling eavesdroppers. 

We also mention some other work related to this ques- 
tion. In [16], the two-device case was considered for pro- 
tocols based on CHSH correlations. There it was shown 
that privacy amplification via hashing is not possible 
against an adversary limited only by the impossibility 
of signalling between the parties. However, in that work sig- 
nalling was permitted within the devices (so that outputs 
could depend on later inputs^6). For protocols in which 
each party waits for an output before giving their next in- 
put, the most natural signalling constraints are ones that 
allow later outputs to depend on all previous inputs, but 
do not allow outputs to depend on future inputs (we call 
these time-ordered non-signalling conditions). A situa- 
tion that is close to this case (but with subtle and po- 
tentially important differences) has been recently studied 
in [17]. There protocols based on CHSH correlations were 
again considered, and it was shown that privacy amplifi- 
cation via hashing is not possible for adversaries limited 
by almost time-ordered non-signalling conditions. 

Consider now a key distribution protocol with the fol- 
lowing structure^7: 

1. Alice and Bob each make a random input A_i and B_i 
to their devices, ensuring they receive their outputs 
(X_i and Y_i respectively) before making the next in- 
put (so that time-ordered non-signalling conditions 
must be obeyed). They repeat this M times. 

2. Either Alice, or Bob (or both) publicly announces 
their measurement choices, and one party checks 
that they had a sufficient number of the relevant 
input combinations, and otherwise aborts. Certain 
rounds may be discarded according to some public 
protocol. 

3. For each of the remaining bits, Alice independently 
announces it to Bob with probability μ (which is 
such that Mμ is large). Bob uses this to compute 
some test function. If this has the wrong output, 
Bob aborts. (For example, Bob might compute the 
CHSH value of the announced data, and abort if it 
is below 2.5.) (This step is often called parameter 
estimation.) 

4. Alice and Bob perform error correction using pub- 
lic communication via any protocol in which the 
function Alice applies to her string becomes known 
to Eve^8. 

5. Alice and Bob publicly perform privacy amplifica- 
tion. The function Alice applies to her string be- 
comes known to Eve^8. 

^6 Although, as currently described, this is unphysical, it is natural 
to consider this for protocols in which each party makes all their 
inputs at the start, and then receives all of their outputs together. 

^7 Although this structure is not fully general, most protocols to 
date are of this type. 

TABLE I: Behaviour of the "joint function box". Each 
2×2 block takes one of the two forms shown, depending on 
whether F_C(X_1 ... X_M) = 0 or F_C(X_1 ... X_M) = 1. In this 
notation, the non-signalling conditions are that the sum of the 
elements in each row of each 2×2 block are equal to those of 
the blocks to the left and right, and likewise, the sum of the 
elements in each column are equal to those above and below. 
In the above case, all of these values are 1/2. (Table body 
not present in this extraction.) 

The key to Eve's attack is Step 3. She is going to 
attack so as to try to gain one bit of the final output 
string. Eve will also use a "joint function box", which has 
the following bipartite behaviour. Alice inputs a string 
X_1 ... X_M and obtains a single bit S, Eve inputs C which 
corresponds to a choice of one-bit function (see later), 
and obtains a single bit Z. The behaviour is such that 
Z = S ⊕ F_C(X_1 ... X_M). It is easy to see that this can 
be non-signalling if S is a uniform random bit. 

It follows that Eve can learn any Boolean function of 
X_1, ..., X_M if she receives just one bit, S. The value of 
C depends on the function Eve wants to learn, the value 
of S she hears and the information reconciliation and 
privacy amplification functions she overhears. There is a 
choice of C for each combination of these values. Thus, 
for protocols of the above form (importantly, where Eve 
learns the entire function Alice and Bob use for post- 
processing), she needs to receive only one bit from either 
of her devices to learn one bit about the final output key 
(after privacy amplification). 

^8 Typically because it is communicated over the public channel. 

In order to try to learn this bit, Eve can exploit the 
parameter estimation step. She programs Alice's device 
to behave honestly for the first M − 1/μ rounds (note 
that we have not specified which correlations are used; 
this attack does not depend on these (up to a constant 
factor in the abort probability) and even works if the 
honest states are perfect non-local boxes). Her device 
then inputs the bits generated in these rounds into the 
"joint function box", producing output S. This bit is 
then given as the outputs X_i for M − 1/μ < i ≤ M (this 
could be masked by XORing with some pre-shared ran- 
domness between Alice's device and Eve). Provided at 
least one of the last 1/μ bits is revealed in the param- 
eter estimation without causing abort (this occurs with 
finite probability that cannot be made arbitrarily small 
by judiciously choosing M and μ), Eve can discover any 
desired bit of the final output string. 
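An added Python simulation (not code from the paper) of the joint-function-box attack on the five-step structure above, under assumptions stated in the docstring: noise-free honest rounds so that error correction reveals nothing further, parameter estimation that aborts on any mismatch among the announced bits and then discards them, and a public random linear hash as privacy amplification. The joint function box is a classical stand-in that derives Z = S ⊕ F_C(X) from a uniform S; all names are my own.

```python
import random

def xor_all(bits):
    acc = 0
    for b in bits:
        acc ^= b
    return acc

def attack_with_joint_function_box(M, mu):
    """One run of Eve's attack. Assumptions (not from the page): honest rounds
    are noise-free, so Alice's and Bob's raw bits agree; Step 3 aborts on any
    mismatch among announced bits and discards them; Step 5 is a public random
    linear hash and Eve targets its first output bit.
    Returns one of 'abort', 'no info', 'success', 'wrong'."""
    K = round(1 / mu)                                        # the last 1/mu rounds
    honest = [random.getrandbits(1) for _ in range(M - K)]   # X_1 .. X_{M-K}
    S = random.getrandbits(1)      # Alice's half of the joint function box (uniform bit)
    X = honest + [S] * K           # Alice's device repeats S in the last K rounds
    Y = honest + [random.getrandbits(1) for _ in range(K)]   # Bob's device: random there
    # Step 3: each bit announced independently with probability mu
    announced = {i for i in range(M) if random.random() < mu}
    if any(X[i] != Y[i] for i in announced):
        return "abort"
    if not any(i >= M - K for i in announced):
        return "no info"                                     # Eve never hears S
    kept = [i for i in range(M) if i not in announced]
    # Step 5: public hash row, i.e. the final key bit is the parity of a random subset
    row = [i for i in kept if random.getrandbits(1)]
    key_bit = xor_all(X[i] for i in row)
    # Eve's choice of C: F_C(X_1..X_{M-K}) = parity of the row's honest positions
    F_C = lambda bits: xor_all(bits[i] for i in row if i < M - K)
    Z = S ^ F_C(honest)            # Eve's half of the box outputs Z = S XOR F_C(X)
    late = sum(1 for i in row if i >= M - K)   # row positions whose value is S
    eve_guess = Z ^ S ^ (S if late % 2 else 0)
    return "success" if eve_guess == key_bit else "wrong"

def outcome_counts(M, mu, trials, seed=1):
    """Tally the four outcomes over many runs with a fixed seed."""
    random.seed(seed)
    counts = {"abort": 0, "no info": 0, "success": 0, "wrong": 0}
    for _ in range(trials):
        counts[attack_with_joint_function_box(M, mu)] += 1
    return counts
```

Whenever Eve hears S the guess is exact, and for μ = 0.1 roughly a quarter of runs end with an undetected, correct guess of a final key bit whatever M is, matching the finite probability the paragraph refers to.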

There are a couple of important points to note about 
the above attack. Firstly, we assumed a specific protocol 
structure. In particular, altering the way parameter esti- 
mation is done could potentially improve security (some 
altered protocols are discussed in [HI]). Secondly, the 
attack relies on a specialized non-local strategy that can- 
not be implemented by an eavesdropper limited by quan- 
tum theory. Proving security of a protocol of this type 
(in particular, with two devices) that is secure against a 
quantum-restricted Eve remains an open question. 



Conclusions 

We have presented a protocol for distribution of a 
one-bit key, and have proven it secure in a universally 
composable way against an arbitrarily powerful adver- 
sary who can create all the supposedly quantum de- 
vices, provided that the devices are not reused in any 
future protocol. The protocol only requires two de- 
vices, whereas the secure protocols previously consid- 
ered required many independent devices. This repre- 
sents a theoretical advance, and also potentially repre- 
sents another step towards practical unconditionally se- 
cure device-independent key distribution protocols. 

That said, several significant and intriguing theoreti- 
cal and practical issues remain. First, the simplest ver- 
sion of our protocol only outputs a single bit, requiring 
a large number of entangled qubit pairs in order to do 
so. The protocol can be generalised to produce an arbi- 
trary length key string, but again, highly inefficiently. It 
would be very interesting to know whether significantly 
more efficient two-device secure protocols can be found, 
and to obtain bounds on what is achievable. 

Secondly, for maximum flexibility and more efficient 
use of resources, one would like to be able to repeat the 
protocol to generate further secure key bits. However, if 
devices are reused, this renders the protocol vulnerable 
to the same device-memory-based attacks [IH] that apply 
to BHK and other device-independent protocols. While 
it is clear that device-reusing protocols cannot be univer- 
sally composable, the general scope of such attacks and 
the possibilities of countering them either by refined pro- 
tocols (see [15] for ideas in this direction, some of which 
have been later developed in [27]) or by evidently reli- 
able technological assumptions have not yet been fully 
explored. It would be very interesting to resolve these 
questions in the present context. 

Thirdly, tolerance to noise is a significant practical is- 
sue for our protocol. As given, it aborts if there is one set 
of measurements that give unequal outcomes. The proto- 
col parameters are tuned such that this is very unlikely if 
the devices operate perfectly. However, with more realis- 
tic, noisy devices, using present technology, the protocol 
will have a very high abort rate. Although the protocol 
could be adapted to tolerate small amounts of noise, it is 
far from being practical in this respect. 

Fourthly, our scheme requires an authenticated (al- 
though public) classical channel, and, a common way 
to implement this in an information-theoretically secure 
way using an insecure classical channel, is by using a pre- 
shared key. This reinforces the points already made: it 
would be desirable to have more efficient two-device pro- 
tocols that allow for some consumption of key for classical 
authentication and nonetheless provide quantum key ex- 
pansion at practically useful rates in realistically noisy 
environments. 

In summary, while we have presented a protocol show- 
ing that device-independent quantum key distribution is 
in principle possible using two devices, a number of theo- 
retically interesting and practically important questions 
remain open. 

Remark: In some concurrent work an alternative 
technique for proving security of device-independent 
QKD with two devices has been suggested [28]. Fur- 
thermore, since the first version of our paper, an addi- 
tional article has appeared [29] reporting an efficient and 
noise-tolerant scheme. We note that these works differ 
from ours in that they consider quantum-limited eaves- 
droppers and do not apply to the case of eavesdroppers 
limited only by signalling constraints. 